Triage Squid Events
Security event triage rules determine which events require further follow-up and which events can be archived without further investigation. CCP processes many events every day, so effective triage helps analysts focus on the most important events.
- Determine if the event is an alert.
- If the event is an alert, assign a score. If the event is not an alert, it is not scored.